Posted to dev@qpid.apache.org by "Andrew Stitcher (JIRA)" <ji...@apache.org> on 2012/05/22 00:03:41 UTC

[jira] [Created] (QPID-4013) Windows Broker SSL is more difficult to use than necessary and possibly less secure than possible

Andrew Stitcher created QPID-4013:
-------------------------------------

             Summary: Windows Broker SSL is more difficult to use than necessary and possibly less secure than possible
                 Key: QPID-4013
                 URL: https://issues.apache.org/jira/browse/QPID-4013
             Project: Qpid
          Issue Type: Improvement
          Components: C++ Broker
    Affects Versions: 0.16, 0.14, 0.17
         Environment: Windows
            Reporter: Andrew Stitcher
            Assignee: Andrew Stitcher
            Priority: Minor
             Fix For: 0.17


The current Windows Broker SSL code always uses the LocalMachine certificate store opened read/write. This has a number of drawbacks:

* Opening read/write means that the broker has to run as administrator to use the certificates in the store. The broker only reads from the store so this is actually unnecessary.

* Forcing use of LocalMachine for the certificates means that they are readable by every user on the machine, which might be a security issue, as it would allow any process on the machine to impersonate the qpid broker.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


[jira] [Commented] (QPID-4013) Windows Broker SSL is more difficult to use than necessary and possibly less secure than possible

Posted by "Andrew Stitcher (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/QPID-4013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13280563#comment-13280563 ] 

Andrew Stitcher commented on QPID-4013:
---------------------------------------

This change adds a new SSL-related option to qpidd:

--ssl-cert-store-location

with possible values CurrentUser, LocalMachine, CurrentService.
This can be used to set the certificate store location that qpidd uses to find the server certificate it uses.
                


[jira] [Commented] (QPID-4013) Windows Broker SSL is more difficult to use than necessary and possibly less secure than possible

Posted by "Andrew Stitcher (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/QPID-4013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13280551#comment-13280551 ] 

Andrew Stitcher commented on QPID-4013:
---------------------------------------

By default with this change the broker will use the current user's personal certificate store; the default certificate name is the machine name. This means that you can generate an appropriate certificate to test with very simply by using "makecert".

viz:

makecert -r -pe -ss "My" -sk <MachineName> -n "CN=<MachineName>"

[Actually minimally:
makecert -ss "My" -n "CN=<MachineName>"
would work too]

Replace <MachineName> with the name of the machine.

This will create a new certificate and store it in the user's certificate store.

Then starting qpidd with no command line parameters should correctly find the certificate and start an SSL listening port.
                


[jira] [Resolved] (QPID-4013) Windows Broker SSL is more difficult to use than necessary and possibly less secure than possible

Posted by "Andrew Stitcher (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/QPID-4013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrew Stitcher resolved QPID-4013.
-----------------------------------

    Resolution: Fixed

Note that this change represents a small change in default functionality:

The broker now looks in the CurrentUser certificate store by default. To use the previous default specify "--ssl-cert-store-location LocalMachine" on the qpidd command line, or set the equivalent option in the configuration file.
                


[jira] [Commented] (QPID-4013) Windows Broker SSL is more difficult to use than necessary and possibly less secure than possible

Posted by "Andrew Stitcher (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/QPID-4013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13280539#comment-13280539 ] 

Andrew Stitcher commented on QPID-4013:
---------------------------------------

It would be better to always open the certificate store readonly.

The default certificate store should be the usual default, CurrentUser, which wouldn't be visible to other users on the machine.

However I suggest that the certificate store used should be configurable for flexibility and backwards compatibility. It would also make sense to allow CurrentService as an option as running qpidd as a service is now possible.

                
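
The read-only, configurable store location suggested above, together with the three --ssl-cert-store-location values from the earlier comment, as an added C++ example that is not part of the thread and not Qpid's own code. storeFlags and openStore are hypothetical names, case-insensitive matching is an assumption, and the non-Windows branch repeats the wincrypt.h constant values so the mapping also compiles off Windows.

```cpp
#include <algorithm>
#include <cctype>
#include <stdexcept>
#include <string>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>   // link with crypt32.lib
#else
// Values as defined in wincrypt.h, repeated so the mapping can be checked off Windows.
typedef unsigned long DWORD;
const DWORD CERT_STORE_READONLY_FLAG          = 0x00008000;
const DWORD CERT_SYSTEM_STORE_CURRENT_USER    = 1UL << 16;
const DWORD CERT_SYSTEM_STORE_LOCAL_MACHINE   = 2UL << 16;
const DWORD CERT_SYSTEM_STORE_CURRENT_SERVICE = 4UL << 16;
#endif

// Hypothetical helper: map an --ssl-cert-store-location value to CertOpenStore
// flags. The read-only flag is always set because the broker only reads the store.
DWORD storeFlags(std::string location) {
    // Assumption: the option value is matched case-insensitively.
    std::transform(location.begin(), location.end(), location.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    DWORD where;
    if (location == "currentuser")         where = CERT_SYSTEM_STORE_CURRENT_USER;
    else if (location == "localmachine")   where = CERT_SYSTEM_STORE_LOCAL_MACHINE;
    else if (location == "currentservice") where = CERT_SYSTEM_STORE_CURRENT_SERVICE;
    else throw std::invalid_argument("unknown certificate store location: " + location);
    return where | CERT_STORE_READONLY_FLAG;
}

#ifdef _WIN32
// Hypothetical helper: open the named system store (e.g. "My") at the chosen
// location without requesting write access.
HCERTSTORE openStore(const std::string& location, const std::string& name) {
    HCERTSTORE h = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0,
                                 storeFlags(location), name.c_str());
    if (!h) throw std::runtime_error("could not open certificate store " + name);
    return h;   // caller releases it with CertCloseStore(h, 0)
}
#endif
```

An unknown location value is rejected rather than silently falling back to LocalMachine, so a typo cannot widen who can read the broker's certificate.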